QUESTION
Do HIPPA privacy laws apply in employer/employee or workplace issues?
Asked on Aug 12th, 2012 on Labor and Employment - West Virginia
More details to this question:
I work with adults with disabilities in a federally funded and licensed healthcare facility. one of my co-workers supposedly "found" my private medical records and showed all my co-workers. The records contained highly personal and potentially damaging information including; positivity for hepatitis C and past IV drug use. Apparently my supervisor was unaware of this. Once all this came out, the co-worker was fired and I met w/ my supervisor. He apologized & showed concern. I hoped that was the end of the hurtful situation even though I felt like something more should have been done. I just wanted to put it behind me b/c I love my job & my clients. Then it came about that my supervisor told the father of one of my clients that I have hepatitis c. This info is not even something he knows to be fact and illegally obtained. I have been very vague b/c it is a long story but isn''t this illegal and aren''t my rights being violated?
1 ANSWER
Alternative Dispute Resolution Attorney serving Charleston, WV
at
Robinson & McElwee PLLC
Update Your Profile
HIPAA prohibits the disclosure of private medical information without the patient's authorization. However, you don't really give enough information to determine whether there has been a violation here. First, we need to know where the medical records were kept. If they were being maintained by your employer, then the employer has an obligation to maintain the confidentiality of the records. We also need to know who "disclosed" the records without authorization. For instance, if your medical records were being maintained by your employer (and I would be curious as to why an employer would maintain detailed medical records regarding employees unless the employer is a health care provider), it would be a violation of HIPAA for the employer to disclose the information. You indicate that someone "found" the records, so we don't know whether the records were disclosed by the employer. About all we can say here is that any entity which maintains detailed medical records concerning an employee has an obligation to keep those records confidential unless the employee/patient authorizes their disclosure.
Answered on Aug 13th, 2012 at 9:16 AM